Configuring E-Commerce Web Sites

Whilst the individual technologies to set up and maintain a Web site are quite mature, there are many pitfalls for the unwary. Expert guidance is essential if your e-commerce Web site is to withstand attack.

To view the related Policy click      

  • You may set an inappropriate level of privilege by accepting the default values when configuring your Web site. This could give 'carte-blanche' access to the files on your Web server when the Web software is run.

    e.g. The System Administrator sets up a Web site and needs to set up the server - logically using the most powerful 'super user' privilege. Without any real concern for the ongoing Information Security implications, the privilege is left at 'super user' and results in all software being run at this level. Anyone compromising the security of the Web server would then gain access at this level and would be able to read, write, create, or execute any file on this server.

There are multiple Key Actions providing safeguards against this Information Security Issue. These are available in the registered version of RUSecure™.

  • E-commerce transactions will always require user input, execution and update. This is often accomplished on a Web server using a Common Gateway Interface - CGI script. However, such scripts can be exploited by malicious users to execute system commands for illegal purposes.

There are multiple Key Actions providing safeguards against this Information Security Issue. These are available in the registered version of RUSecure™.

Previous PageTop of this pageNext Page


Information Security Policies from US$595

 From
 US$595

Use of the guidance contained within RUSecure™ is subject to the End User Licence Agreement
This site created with EasyHTMLHelp(tm) for MS Word

 

Next PageUpPrevious Page